Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2013-07-18

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 jslatts joined #salt
00:02 MWGriffin joined #salt
00:03 MWGriffin So I haven't looked at the source yet, but anyone know.what kind of pattern Salt uses for distributing files through ZeroMQ?
00:03 MWGriffin Rep req?
00:09 shane is there documentation somewhere for how to setup a repo for OS X and do things like mount dmg and install packages?
00:14 MWGriffin You mean modules that perform those operations?
00:14 shane MWGriffin: is that reply for me?
00:14 MWGriffin Shane: Yeah
00:15 sturdy joined #salt
00:15 blee_ joined #salt
00:16 shane MWGriffin: well, I'm just looking for documentation for how it's done.  I keep seeing stuff like saltstack is fully supported on OS X., but I'm not really seeing anything other than the brew stuff.
00:18 madduck joined #salt
00:18 Linz joined #salt
00:18 MWGriffin shane: By fully supported on OSX I think they mean that salr will run on OSX, not that there are specific modules that'll perform package management etc. on it.
00:18 dthom91 joined #salt
00:19 MWGriffin shane: Its the same with Ansible too
00:20 MWGriffin shane: (I wrote some playbooks that install applications: downloads them from URLs, unpackage them and installs them
00:21 MWGriffin shane: I think it'd be pretty easy to write a module that would perform those same functions with Salt
00:22 shane MWGriffin: so basically it's just shelling out and running commands?
00:23 Gifflen joined #salt
00:23 MWGriffin shane: Exactly.
00:24 MWGriffin Except over ZeroMQ
00:24 MWGriffin shane: which makes it stupid fast.
00:24 yml joined #salt
00:25 MWGriffin shane: it does lots of other stuff though like gather data about the machines it's connecting to etc
00:25 MWGriffin shane: transfer files and more
00:25 shane hmm...  I haven't played on OS X extensively, but I had written some shell scripts to automate some install.  Some of it was pretty crappy.  Mounting dmg's and copying the package.  Sometimes that doesn't work and you have to actually run the software on the .dmg (like tunnelblick) for it to be installed right.
00:27 MWGriffin shane: but in terms of installing a Mac app for instance, you either have to use existing modules in a state or write your own module
00:28 MWGriffin shane: Yeah I pretty much wrote that for Ansible
00:28 shane MWGriffin: hmm, was hoping to not have to do that... =)
00:28 MWGriffin shane: But I'm going to have to use Expect to deal with prompts in the command line
00:29 MWGriffin shane: lol yeah, hence why I think it'd be dope to write a module that'd do that
00:29 shane oy...
00:29 shane heh
00:29 MWGriffin shane: which I probably will
00:30 shane I had done some automation stuff with expect before.  My experience was that sometimes it gets a bit unreliable...
00:31 Furao_ joined #salt
00:33 shane MWGriffin: so also nothing currently to do things like write defaults or modify plists?
00:33 m_george|away joined #salt
00:33 MWGriffin shane: Fuck I wish
00:34 MWGriffin Check out the playbooks I wrote for Ansible, for instance the intermediate one
00:34 MWGriffin https://github.com/MWGriffin/ansible-playbooks
00:34 m_george left #salt
00:35 MWGriffin shane: You're looking for something like GitHub's Boxen except not running ontop of Puppet lol
00:36 MWGriffin shane: Cuz puppet is stupidly complex
00:36 shane If you asked me maybe 5 years ago, I never really imagine that I'd prefer to the way things work on Linux over OS X.
00:37 shane MWGriffin: I hadn't played with puppet in a while, but was not impressed when I did.
00:37 MWGriffin shane: Hehe. I just got into Linux and got into Mac about a year ago
00:38 MWGriffin shane: I can't believe I haven't been using them for a looooong time
00:39 mgw joined #salt
00:39 MWGriffin shane: I would like to design a really aesthetically pleasing UI for Linux that focuses on usability, as most Linux desktop designs BLOW hard
00:39 shane every time I play with a mac now, I think, ooh, nice hardware.  I like how fast it recovers from suspend.  Then I start playing with it more, and totally start to hate it.
00:40 MWGriffin shane: And I honestly think that that is a part of why it hasn't really caught on in the Desktop environment
00:40 MWGriffin shane: lol. At least its better than windows
00:41 MWGriffin shane: what kind of stuff are you working on?
00:41 shane MWGriffin: based on just a few packages that I've come across, I'm not sure how you'd handle the exceptions.
00:42 shane MWGriffin: I'm just trying to find a way to manage our environment / automate installs & upgrades (Windows/Linux/OS X).
00:43 shane particularly for something like jre (which the ERP people need)
00:43 shane right now, every time there's a need to upgrade jre, it's a lot of pain
00:43 MWGriffin shane: Yeah I'd say Salt is your best bet if you want total flexibility as you can write shit in pure Python if you need that much logic
00:44 MWGriffin shane: I bet. Configuration management is the shit!
00:45 MWGriffin shane: Where are you located if you don't mind me asking?
00:46 shane MWGriffin: San Fran
00:46 MK_FG joined #salt
00:46 MWGriffin shane: sweetness
00:47 MWGriffin shane: I'm up here in Portland
00:48 shane MWGriffin: I've only visited a couple of times.  Thought it was a nice place, but wasn't sure if I was ready to join a goat co-op. ;)
00:48 dthom91 joined #salt
00:49 shane (friend of mine moved up there, built a still, and joined a goat co-op.
00:49 jalbretsen joined #salt
00:56 felixhummel joined #salt
01:00 sifusam joined #salt
01:06 dthom91 joined #salt
01:09 defunctzombie joined #salt
01:10 cocoy joined #salt
01:10 Nexpro joined #salt
01:14 emocakes joined #salt
01:18 CaptTofu joined #salt
01:18 CaptTofu howdy!
01:19 CaptTofu how would I get this to work:
01:19 CaptTofu http://paste.openstack.org/show/40755/
01:19 CaptTofu I know it's something simple in Jinja, but I've tried numerous things to no avail
01:19 CaptTofu tags is set above this block
01:30 m_george|away joined #salt
01:34 StDiluted joined #salt
01:44 oz_akan_ joined #salt
01:59 scotticus left #salt
02:04 timl0101 joined #salt
02:09 terminalmage CaptTofu: you still there?
02:09 CaptTofu for a little while :)
02:09 CaptTofu I figured a way of doing it:
02:09 terminalmage ok
02:10 CaptTofu {% set tags = [tags, 'something'] %}
02:10 terminalmage yeah, was going to ask how you set it
02:10 CaptTofu there probably is a way of doing it with append
02:10 CaptTofu but with jinja, you can't have any old code tidbit in {% xxx %} blocks
02:11 terminalmage yeah but you can use most data type member functions
02:11 mgw I couldn't figure out a way to append in jinja
02:11 m_george left #salt
02:11 mgw as I recall
02:11 terminalmage weird
02:11 sifusam joined #salt
02:11 mgw I'm going to test again
02:12 CaptTofu or regex, which I would lvoe
02:12 CaptTofu love, even
02:12 CaptTofu not a ruby guy, but I did get accustomed to irb templates
02:14 raydeo joined #salt
02:14 mgw I tried this:
02:14 mgw >>> t = """
02:14 mgw ... {% set x = ['a'] %}
02:14 mgw ... {% x.append('b') %}
02:14 mgw ... """
02:14 mgw >>> tmpl = jinja2.Template(t)
02:14 mgw and got this:
02:14 mgw File "<unknown>", line 3, in template
02:14 mgw TemplateSyntaxError: Encountered unknown tag 'x'.
02:15 mgw is that what you were getting CaptTofu?
02:17 mgw CaptTofu: got it
02:18 CaptTofu yup!
02:19 mgw {% set _ = x.append('b') %}
02:19 CaptTofu how do you run jinja in python shell?
02:19 CaptTofu ah!
02:19 CaptTofu that's cool
02:19 CaptTofu is _ like Perl's $_ ?
02:19 mgw just import jinja2
02:19 mgw it's nothing
02:19 mgw just a random var
02:19 CaptTofu ok.
02:19 mgw that you're not likely to use for anything
02:20 mgw it could be foo
02:20 CaptTofu it's the trick of using "set" I reckon
02:20 mgw yeah
02:20 CaptTofu I was trying crazy stuff
02:20 CaptTofu {% if blah:
02:20 mgw >>> tmpl = jinja2.Template(some_string)
02:20 mgw >>> tmpl.render(foo='bar')
02:20 CaptTofu tags.append() %}
02:21 Jahkeup_ joined #salt
02:22 CaptTofu thanks!
02:31 auser joined #salt
02:39 jeddi joined #salt
02:41 oz_akan_ joined #salt
02:43 naemon joined #salt
02:46 naemon Would anyone have a second to  clarify my understanding of events and reactors?  If your matter
02:47 naemon Sorry, inadvertently hit enter....  Let me try that again
02:51 naemon If your master is setup via a reactor to listen for certain tags, and trigger SLS files, and your SLS files trigger high states, is there anything else needed to make this function as the documentation suggests?
02:52 auser joined #salt
02:53 naemon Obviously, the reactor triggered by an event  with the proper tag...
02:56 naemon I am manually triggering an event on the master, and even in debug mode having difficulties understanding if the minion ran the highstate.
03:10 saltfish joined #salt
03:13 saltfish quick question: what is the best way to add an entry to a minion's /etc/hosts file? The entry would change based on the target minion group. ex. 1.2,3.4 for "dev" minions and 5.6.7.8 for live ones.
03:13 sifusam joined #salt
03:14 deanvanevery joined #salt
03:17 raydeo joined #salt
03:20 fragamus joined #salt
03:21 liuyq joined #salt
03:41 rbstewart saltfish: if all you need to do is add an entry once, file.append name="{{ pillar.minion_ip }} {{ pillar.hostname }}", then target with pillar tops file.
03:41 rbstewart may not be the best way, but should work.
04:08 tseNkiN joined #salt
04:15 cocoy anyone was able to run salt-ssh or idea how to make it work? tia.
04:23 sifusam joined #salt
04:24 UtahDave joined #salt
04:26 Jahkeup_ joined #salt
04:27 redbeard2 joined #salt
04:28 Jahkeup__ joined #salt
04:28 bemehow joined #salt
04:43 sturdy joined #salt
04:53 kleinishere joined #salt
04:56 druonysus joined #salt
04:56 druonysus joined #salt
05:10 dthom91 joined #salt
05:13 jhauser joined #salt
05:15 Ryan_Lane joined #salt
05:41 Newt[cz] joined #salt
05:42 kleinishere joined #salt
05:45 bemehow joined #salt
05:47 druonysus joined #salt
05:47 druonysus joined #salt
05:51 bemehow joined #salt
05:58 Vivek joined #salt
06:10 jacksontj joined #salt
06:12 jacksontj_ joined #salt
06:34 chuffpdx joined #salt
06:37 az87c joined #salt
06:37 az87c_ joined #salt
06:39 Jahkeup_ joined #salt
06:48 rroa_ joined #salt
06:49 ckrough joined #salt
06:55 linjan joined #salt
06:57 rroa joined #salt
07:00 pkruithof joined #salt
07:07 bemehow joined #salt
07:12 dthom91 joined #salt
07:16 jshare joined #salt
07:22 pkruithof joined #salt
07:25 aleszoulek cocoy: salt-ssh?
07:27 kleinishere joined #salt
07:29 jshare joined #salt
07:30 scott_w joined #salt
07:33 efixit joined #salt
07:33 dzen hello/win 2
07:36 svx_ joined #salt
07:42 kolaman joined #salt
07:54 ggoZ joined #salt
07:56 bemehow joined #salt
08:02 ggoZ oi
08:02 ggoZ did 0.16.0 somehow changed how _modules directory is read/loaded?
08:04 Ryan_Lane joined #salt
08:06 arthurlutz joined #salt
08:11 ProT-0-TypE joined #salt
08:13 dthom91 joined #salt
08:14 ggoZ wth
08:14 ggoZ my _modules dir is ignored :|
08:16 viq Could anyone comment on salt vs ansible? For what I read so far they seem to be pretty interchangeable.
08:17 ggoZ Never used ansible, cant comment
08:22 kolaman joined #salt
08:22 aleszoulek ansible is a copy of salt
08:23 aleszoulek smaller community tho
08:23 aleszoulek = less contributions etc
08:24 viq thanks
08:25 ggoZ aleszoulek: ever encountered a problem with _modules directory being ignored in file_roots?
08:25 aleszoulek ignored?
08:27 ggoZ I hit `saltutil.sync_modules` and minion logs indicates, that _modules directory is never read
08:27 ggoZ no trace of it
08:27 ggoZ and hence my module is not loaded :|
08:34 viq I was linked to http://missingm.co/2013/06/ansible-and-salt-a-detailed-comparison/
08:35 carlos joined #salt
08:38 ggoZ huh, so from now on only from base environment the _modules directory is synced
08:48 felixhummel joined #salt
08:51 zooz joined #salt
08:51 pkruithof joined #salt
08:54 baoboa joined #salt
09:03 cocoy any idea for  salt to use  with ssh-agent i.e cloning a git repo ssh://git
09:05 __gotcha joined #salt
09:05 __gotcha joined #salt
09:13 dthom91 joined #salt
09:15 sturdy joined #salt
09:16 liuyq joined #salt
09:17 middleman_ joined #salt
09:29 pkruithof joined #salt
09:39 robinsmidsrod is this a known issue? https://gist.github.com/robinsmidsrod/6028053
09:42 robinsmidsrod I just ran state.highstate, which upgraded my salt from 0.14.0 to 0.16.0
09:43 hazzadous joined #salt
09:43 dthom91 joined #salt
09:49 zooz joined #salt
09:50 Furao robinsmidsrod: you didn't restarted your minion after upgrade salt-common
09:51 robinsmidsrod Furao: I just ran state.highstate, which has a service associated with salt-minion which should restart the service when upgraded
09:52 robinsmidsrod I guess the highstate can't restart salt in the middle of the process, can it?
09:52 Furao yes
09:52 Furao but the minion process that run highstate won't restart
09:52 Furao it will just die at the end of highstate
09:53 Furao if you run ps(1) when minion do nothing there is only 1 process
09:53 robinsmidsrod so the rest of the highstate, after salt-minion is upgraded might potentially fail because of changes between releases, right?
09:53 Furao if you run highstate, there is 2
09:53 Furao if you restart salt-minion during highstate, it will only restart the main minion process
09:53 Furao the one that run highstate still run old version minion code
09:53 Furao with new version of common .py files
09:54 robinsmidsrod which, in my case, caused an error, right?
09:54 Furao yes, I've seen that many time before
09:54 Furao most of salt code is not imported once at startup
09:54 Furao it's re-interpreted all the time
09:55 Furao this way, if a state requires a python module, and install it, you don't have to restart the minion to use it
09:55 robinsmidsrod I would classify this as a bug, do you agree?
09:55 robinsmidsrod not sure exactly how to classify it, though
09:56 wahahajun joined #salt
09:56 Furao you're really opening an issue for that? well search it's probably there already
09:56 Furao there is no way to fix that
09:56 robinsmidsrod but versioned install_dirs might be a way to solve it
09:56 Furao maybe trough a virtualenv per salt minion version
09:56 * robinsmidsrod is not a python programmer
09:57 robinsmidsrod Furao: I was just wondering if you feel it does make for a valid bug, or if you should expect your highstate to fail when upgrading salt-minion
09:58 wahahajun sorry to disturb your. now i have a ugent question hope to get some help...
09:58 robinsmidsrod maybe it would be wiser just to stop the current highstate if salt-minion or salt-master was upgraded
09:58 * robinsmidsrod is not sure
09:59 wahahajun it is simple, now cmd.run will execute the cmd and return the result..  now i don't want cmd.run to return anything.  just like a trigger...
09:59 Furao wahahajun: cmd.run: - name: /bin/true
10:00 Furao if you're in windows, I don't recognized existence of desktop OS in the server realm
10:00 Furao maybe c:\windows\true.exe
10:01 Furao robinsmidsrod: open an issue, but I personally never bothered them about this, as the salt-upgrade process in their doc never talked about using a salt minion to upgrade itself (but I do it myself)
10:02 wahahajun No.  i mean cmd.run mycmd....and not need return anything. beacuse mycmd will run a process and keep running without any return..
10:04 liuyq joined #salt
10:04 wahahajun mycmd will startup a new process and keep runing...without any result return to salt run..
10:04 wahahajun so the minion will hang if cmd.run mycmd
10:04 robinsmidsrod wahahajun: mycmd is a server/service process?
10:04 robinsmidsrod wahahajun: you'll have to figure out how to run a command "in the background" on windows
10:05 nielsbusch joined #salt
10:05 robinsmidsrod wahahajun: you should make a service for mycmd and make sure that one is running instead
10:06 nielsbusch joined #salt
10:06 wahahajun yes i have figure out  a how to run a command in background in windows success..but in salt it didn't work
10:07 robinsmidsrod what does your cmd.run actually look like?
10:08 wahahajun ok.. the share url is? i will paste it..
10:08 robinsmidsrod wahahajun: my personal preference is gist.github.com, but use whatever you feel like
10:09 wahahajun is there url don't need sigh in
10:09 robinsmidsrod pastebin
10:10 robinsmidsrod .com
10:10 wahahajun sorry. can not open
10:11 wahahajun mycmd like this:    cmd.run 'start cmd /c java -jar slave.jar -jnlpUrl http://192.168.200.89:8080/computer/MyServer01/slave-agent.jnlp'
10:11 whiskybar joined #salt
10:12 wahahajun to start up a jenkins use web start
10:12 viq wahahajun: pbot.rmdir.de is nice one without logging in
10:14 __gotcha joined #salt
10:14 __gotcha joined #salt
10:15 wahahajun thanks. http://pbot.rmdir.de/8gaRH_EymAlz9wCoX2TV4Q
10:17 wahahajun "start cmd " is to ceate a subcmd to  run and close..in windows cmd line it success    but in salt it fail... the salt-minion hang
10:17 jeddi how about putting that into a .bat file, distributing the bat file, and then cmd.running that bat file?   not sure if it'll still block.  been years since i had to deal with ms-windows boxen.
10:18 wahahajun @jeddi..   yes i have try this method. but it still block in salt..
10:19 wahahajun it seems like the there must be a result to salt cmd.run.  else it will block...
10:22 wahahajun i can't figure out any other methods..
10:22 jeddi wahahajun: fairy nuff.  is there a & equiv you can use at the end of the 'start' command within the batch file?
10:23 jeddi wahahajun: evidently start /b foo.exe -- may be your friend.
10:24 jeddi wahahajun: http://stackoverflow.com/questions/1449188/running-windows-batch-file-commands-asynchronously
10:24 wahahajun i have try the  'start /b'    not work
10:24 jeddi when you 'start /b' *at the command line* on yiour windows box, does it do what you want, including ret codes?
10:25 wahahajun i did the same page this shows.. it works in windows cmd line but now works in salt cmd..
10:26 jeddi wahahajun: might be time to file a bug / issue at github then.   i get the impression (but may be wrong) that there aren't a great number of windows users with salt.
10:27 jeddi hence (again, speculative) some of this stuff isn't as heavily used / tested as on the gnu/linux platforms.
10:28 wahahajun yes.  it is a fact.. So meet many problem in windows like this..
10:30 wahahajun many another solution is to write a salt module similar  like cmd.run
10:30 wahahajun someone else have done like this..
10:33 wahahajun the method name shoud be cmd.run_withot_return()
10:34 wahahajun haha
10:35 wahahajun salt.modules.cmdmod.run(cmd, cwd=None, stdin=None, runas=None, shell='/bin/bash', env=(), template=None, rstrip=True, umask=None, quiet=False, timeout=None, **kwargs)
10:36 wahahajun some params i don't understand well like 'runas'   'rstrip' 'quiet'
10:37 wahahajun quiet many be work..try agin
10:44 dthom91 joined #salt
10:49 jeddi wahahajun: soz, called away.  yeah, i think there are some interesting challenges on that front.  personally i solve them by avoiding anything microsoft. :)
10:50 giantlock joined #salt
10:51 Koma joined #salt
10:53 LucasCozy joined #salt
10:53 LucasCozy joined #salt
10:57 rroa joined #salt
11:02 pkruithof joined #salt
11:07 timl0101_ joined #salt
11:10 efixit joined #salt
11:11 younqcass joined #salt
11:12 jeddi Is there an elegant way of doing an apt-get update / upgrade *on first build only* with salt-cloud?   I see module.apt.upgrade, but really only want that to happen automatically once, on vps provisioning.   i guess i could script that into my wrapper for salt-cloud.
11:13 Furao jeddi: file.managed /etc/apt/sources.list; and cmd.wait: - name: apt-get update - watch: - file: /etc/apt/source.list ?
11:14 Furao oh no, replace cmd.wait by module.wait: -name pkg. upgrade
11:14 jeddi Furao: ah.  okay.  so i could conceivably trigger it again by touching sources.list .. nice.
11:14 Furao as it will do the apt-get update for you
11:15 jeddi yeah - update seems to be done prior to almost every apt thing (i seem to recall there was some story that it had some configurable number of hours of freshness that it'd trust a recent apt-get update for .. but it doesn't appear to)
11:15 jeddi i'm about to salt-cloud up a new machine now, so i can test this.  :)
11:36 jeddi Furao: http://rn0.ru/show/ZV9wNEwgZNWzemOI4rVw/  <-- that's what I tried - didn't work on salt-cloud - something obvious  looks broken there?
11:38 jeddi oh .. that's intresting.  state.highstate isn't available on this machine.  something (else) is broken.   <wanders off>
11:43 logix812 joined #salt
11:44 ggoZ oi
11:44 ggoZ why one of my minions ignore _modules directory and it's contents /
11:44 ggoZ :/
11:44 dthom91 joined #salt
11:46 ggoZ this one minion is fresh, that is, it's config is 0.16.0, the others have config files from previous versions
11:46 ggoZ is there a new directive that enabled `_module` directory in file_roots?
11:46 ggoZ wth
11:46 ggoZ im lost
11:48 mstan joined #salt
11:49 ggoZ i have _modules/foo.py in base env and custom env
11:49 ggoZ and none of them syncs
11:51 ggoZ nice
11:52 ggoZ saltutil.sync_modules MUST have `env` param along with it
11:52 ggoZ it does not defaults to `base` env
11:52 ggoZ as docs say
11:56 oz_akan_ joined #salt
12:01 lemao joined #salt
12:11 stevedb joined #salt
12:14 dthom91 joined #salt
12:17 mprymek joined #salt
12:18 david_a joined #salt
12:18 mprymek hi guys!
12:18 mprymek is it possible to fire some function on the minion by sending something to its pull socket?
12:19 blee_ joined #salt
12:21 mprymek if I look in the Minion class code, it just gets everything from pull socket and resend it to publish socket - what's the purpose if this?
12:23 mprymek I'd like to fire events from nagios, so I need a CLI command to fire events. I can use "salt-call event.fire_master" but it's slow because it reauthenticates with master for every message :(
12:31 fredvd joined #salt
12:32 stevedb joined #salt
12:37 scalability-junk hey I want to include a .sls within the same directory how do I include it?
12:38 scalability-junk include: - .file.sls?
12:38 pkruithof joined #salt
12:38 aleszoulek Hi guys, is there somewhere a better doc to salt-ssh, then https://salt.readthedocs.org/en/latest/ref/cli/salt-ssh.html
12:38 aleszoulek ?
12:38 scalability-junk docs.saltstack.com ?
12:38 aleszoulek That's the same, I presume :)
12:38 scalability-junk aleszoulek: yeah probably :D
12:43 jslatts joined #salt
12:44 anteaya joined #salt
12:45 terminalmage joined #salt
12:55 aleszoulek Anyways, I wonder how salt-ssh works
12:59 kenbolton joined #salt
13:00 napperjabber joined #salt
13:00 juicer2 joined #salt
13:00 younqcass joined #salt
13:01 redbeard2 joined #salt
13:02 emilisto I'm wondering how environments are intended to be used
13:02 emilisto Im including the same state files in two environments
13:02 emilisto but I get this error: The conflicting ID is "/home/vagrant/.s3cfg" and is found in SLS "vagrant:base.users" and SLS "ec2:base.users"
13:02 scalability-junk how do I define a default with this pillar declaration? {{ pillar['git'] }}
13:03 scalability-junk emilisto: http://www.saltstat.es/posts/environment-based-clusters.html
13:04 emilisto thanks scalability-junk
13:06 emilisto hmm, I still don't get it, that means I'd have to replicate all my state files over all three environments?
13:07 scalability-junk emilisto: not necessarily
13:07 emilisto thing is, my states for dev and prod are identical up to a single state that checks out the code and one that enables debugging
13:07 scalability-junk I would have all states equal, but the used data different ;)
13:07 emilisto in one environment? :) else I get that conflicting ID error
13:08 oz_akan_ joined #salt
13:08 scalability-junk emilisto: when everything is the same use all same things in a base environment
13:08 scalability-junk and only the different states in dev, prod etc. environements?
13:08 scalability-junk same for data
13:08 emilisto okay
13:09 emilisto so let's say I set "environment: dev" on my test minion, won't I be unable to use the states in base then?
13:10 Kholloway joined #salt
13:12 ggoZ joined #salt
13:13 scalability-junk emilisto: why shouldn't you?
13:14 scalability-junk just set base to be used on '*' then it's not using environments, but is just used on every node
13:14 emilisto scalability-junk: oh, I thought base was a state like all others, but it's included regardless of what specific environment is used?
13:15 oz_akan_ joined #salt
13:15 dthom91 joined #salt
13:16 scalability-junk emilisto: depends on how you define it ;)
13:16 scalability-junk you could define base to be only used on dev machines, but that's up to you
13:17 scalability-junk it's actually written down in the post I send the link to
13:18 emilisto sorry, my mind was set on the fact that nothing from base will be executed if I set environment to dev
13:18 emilisto thanks for clearing that out, big time
13:19 scalability-junk emilisto: no worries
13:19 Jahkeup_ joined #salt
13:20 scalability-junk the environments are just definitions on where to get the files.
13:20 scalability-junk you could do the same with roles
13:20 scalability-junk or you could have project1: ... project2: ... for example
13:20 emilisto right
13:20 robinsmidsrod I can't find the manage.regen_keys mentioned in the 0.15.1 release notes on 0.16.0 - why is that?
13:21 emilisto scalability-junk: I see now, that all environments are executed, _unless_ I set environment in my minion config
13:21 scalability-junk depends on your master configuration
13:22 scalability-junk if you set your dev environment only to be executed on ubuntu machines setting the environment won't change a thing
13:22 scalability-junk :D
13:22 cron0 joined #salt
13:24 rroa joined #salt
13:24 racooper joined #salt
13:25 emilisto scalability-junk: I see now, http://docs.saltstack.com/ref/configuration/minion.html#environment
13:25 emilisto that paragraph made it all clear
13:26 brianhicks joined #salt
13:26 emilisto I've been setting a static environment in my minion config all along, and felt very frustrated with salt being so constricted... :)
13:26 naemon joined #salt
13:27 toastedpenguin joined #salt
13:29 emilisto scalability-junk: regarding your question, I do {{ salt['pillar.get']('git', 'default-value') }} :)
13:29 scalability-junk emilisto: yeah I rewrote my states for this form now too
13:30 scalability-junk thanks
13:32 bostonian joined #salt
13:33 bostonian Is it common for the salt master process to use 300 MB of memory? I want to know if I set it up right...
13:33 timl0101 joined #salt
13:34 SEJeff_work emilisto, scalability-junk so if you aren't using nested pillars, it is easier than that
13:34 Gifflen joined #salt
13:35 scalability-junk SEJeff_work: that's what I'm trying: https://gist.github.com/stp-ip/6029341
13:35 SEJeff_work emilisto, scalability-junk if your pillar isn't like a python dictionary (aka nested), you can just simply do: {{ pillar.get("git", "default-value") }} just like in python. If the pillar is nested, then and only then, do you need to use {{ salt['pillar.get']('foo:bar', 'default') }}
13:35 dzen :)
13:35 SEJeff_work scalability-junk, absolutely
13:35 emilisto SEJeff_work: ah, cool, thansk
13:35 dzen jinja2 powered :)
13:36 SEJeff_work dzen, bingo!
13:36 emilisto Ive grown more fond of non-nested pillars since it makes extendability easier
13:36 emilisto and now this
13:36 SEJeff_work :D
13:36 scalability-junk SEJeff_work: ok so would you say I should use nested like I do in the example or non nested?
13:36 scalability-junk any suggestions for the above example? SEJeff_work is my first try
13:37 naemon Anyone have a second to assist with reactor configuration?  With reactor enabled in the master configuration, with a tag specified, and pointing to an sls, where within the sls a highstate is set to run, wouldn't triggering an event.fire_master on the salt master, specifying the proper tag, and target cause this highstate to be triggered?  Do I misunderstand event/reactor?  see https://p.kk7.me/jadelepufe.rb    Thanks for any help you can provide
13:37 SEJeff_work scalability-junk, looks perfectly fine to me, except jinja is python. I tend to use True/False vs true/false
13:37 SEJeff_work but I doubt it actually matters
13:38 scalability-junk in jinja it doesn't, but you are right (stupid me was just writing javascript hence the true/false) :D
13:38 SEJeff_work Yeah I'm a monoglot as well
13:38 SEJeff_work javascript, python, c, go
13:38 SEJeff_work and some php, but I won't normally admit it :D
13:38 dzen SEJeff_work: how are you going
13:38 dzen (ahah)
13:38 mgw joined #salt
13:39 SEJeff_work I maintain a large php app amongst other things, but am rewriting it as a django app. Way more pleased with the new version
13:39 emilisto scalability-junk: I made a macro so I can use nested values with defaults more easily, https://gist.github.com/emilisto/6029357
13:39 SEJeff_work 31,000 lines of hand written code became 4900 lines of code with 600 lines of them as unit tests!
13:39 scalability-junk SEJeff_work: hehe yeah django is awesome
13:40 SEJeff_work emilisto, What is the "with context" for? I've used macros a ton, but never for that
13:40 scalability-junk emilisto: great thanks
13:40 emilisto SEJeff_work: IIRC, without it we won't get access to the salt variable and the macro won't work
13:40 SEJeff_work emilisto, I configure even my desktop settings with salt :) https://github.com/SEJeff/salt-states/blob/master/macros.sls
13:40 SEJeff_work good to know
13:40 SEJeff_work but most of my states aren't online
13:40 N-Mi joined #salt
13:40 N-Mi joined #salt
13:40 middleman_ joined #salt
13:41 SEJeff_work emilisto, You also use graphite?
13:41 cocoy left #salt
13:41 SEJeff_work I'm a committer for both salt AND graphite :D
13:41 emilisto SEJeff_work: ah, nice
13:41 SEJeff_work send graphite some patches!
13:41 SEJeff_work I'll merge them
13:41 emilisto SEJeff_work: I do! :)
13:41 dcolish can i send you a patch the deletes whisper?
13:41 emilisto ah, cool, I'll look into it!
13:42 SEJeff_work dcolish, If it replaces it with riak I might consider it :D
13:42 dcolish riak, really?
13:45 backjlack joined #salt
13:49 mikedawson joined #salt
13:49 SEJeff_work dcolish, yeah I prefer it over cassandra. It is easier to maintain
13:50 SEJeff_work but cassandra is good stuff as well
13:50 dzen SEJeff_work: just waiting for a nice graphiteweb frontend
13:50 dzen :p
13:53 SEJeff_work dzen, patches accepted! I became a maintainer to help improve it. I'll get a good bit of time hopefully this weekend after my wing chun class
13:53 SEJeff_work *classes
13:54 jbunting joined #salt
13:55 kchr hey, regarding the top.sls file... can a machine both be matched by specified hostname in 'dev' env tree and still load stuff from base?
13:55 dcolish so only cass or riak? you're killing me!
13:55 kchr or is the env sourcing mutually exclusive
13:55 * scalability-junk is still a bit confused.
13:56 scalability-junk would I do git related ssh keys within my git.sls probably or?
13:56 scalability-junk probably in a ssh.sls file and then include and require it.
13:56 deanvanevery joined #salt
13:56 jeddi So with salt-cloud, looks like there's no way to create an attached disk at provisioning time?  I guess it's a matter of wrapping a script around this with supernova or some other openstack-friendly client to do this.   But I really need the disk to be attached before the full highstate completes - specifically the mounting of the new drive at /var/lib/mysql
13:56 swa My windows colleagues were so impressed with salt yesterday they want to give it a shot. Are there any example states for windows somewhere ?
13:56 dzen SEJeff_work: seems, one of the big problem is to manage the django configuration and django versions
13:58 scalability-junk dzen: virtualenv ?
13:58 scalability-junk and django configuration with jinja templateS?
14:00 dzen i'm not using virtualenv
14:00 dzen (onto production servers)
14:00 scalability-junk dzen: best thing you can do ;)
14:00 dzen mh
14:00 scalability-junk with a requirements file you have the django and other lib versions within your code repository
14:01 dzen python3-django_1.6b1_amd64.deb
14:01 dzen U sure ? :D
14:01 scalability-junk dzen: yes my environement for python projects isn't really different from django setups
14:02 scalability-junk virtualenv setup, requirements installs all used things via pip and then I add some config files
14:02 scalability-junk not too bad
14:03 linjan_ joined #salt
14:03 dthom91 joined #salt
14:03 scalability-junk anyway gotta study
14:04 aberant joined #salt
14:07 kho joined #salt
14:09 kho joined #salt
14:11 qba73 joined #salt
14:13 p3rror joined #salt
14:13 aat joined #salt
14:14 mgw joined #salt
14:14 [diecast] joined #salt
14:18 pkruithof The pkgrepo state does not work properly when I set 'order' to other states, is this expected behaviour?
14:19 Ahlee_ joined #salt
14:19 pkruithof eg: I'm using an Ubuntu PPA for installing nodejs, but this fails when I set "- order: 1" anywhere in my state files.
14:20 Ahlee_ anybody seen salt-minion extremely slow to start?
14:20 pkruithof the apt-add-repository commands are executed, but the keys are not properly downloaded so packages cannot be verified from that repo.
14:20 _graingert joined #salt
14:21 _graingert The plugin 'salty-vagrant' could not be found in local or remote
14:21 _graingert any ideas?
14:21 _graingert akoumjian ^
14:21 Ahlee_ 09:16:58,658 loaded minion key, 09:20:22,730 setting up the salt minion
14:23 ipmb joined #salt
14:24 Guest81628 joined #salt
14:25 whit joined #salt
14:26 naemon Answering my own question... concerning the reactor/event system, that's exactly how it's supposed to work, it simply was a matter of me re-reading the docs, and seeing that there's a 20 character limit on tags.  After making the tag 18 chars, and re-triggering event, it works as expected
14:27 dzen scalability-junk: do you use your own pypi mirror ?
14:27 sifusam joined #salt
14:27 dzen if not, then your mep suffers from pypi downtimes
14:27 rroa_ joined #salt
14:28 scalability-junk dzen: not yet
14:28 scalability-junk but first pypi shouldn't go down so often anymore as it's behind a cdn
14:28 scalability-junk and it's always like this with external resources.
14:29 dzen do you have your own libraries ?
14:29 Jahkeup_ joined #salt
14:29 scalability-junk dzen: on pypi?
14:29 scalability-junk or in general?
14:29 scalability-junk in general yes
14:29 scalability-junk my first stage was to mirror all external resources from svn and git to my own git server so I don't have to rely on someone elses infra for that.
14:30 scalability-junk all packages are mirrored from my hoster
14:30 scalability-junk and pypi will follow as soon as I have the time
14:30 dzen package your own libraries
14:30 dzen get them installed as if it was on pypi
14:31 xet7 joined #salt
14:31 scalability-junk dzen: for now I used git submodules to distribute my libs, but will change that perhaps
14:31 scalability-junk dzen: any good docs for how to mirror pypi?
14:32 Ahlee scalability-junk: I just mirror their web format after manually downloading the package
14:33 Ahlee pip2pi is easy to get started if you've never dove into it
14:34 teskew joined #salt
14:35 dzen scalability-junk: it just serving package with http
14:35 dthom91 joined #salt
14:36 scalability-junk ok so basicly I "clone" all used packages from pypi onto my http mirror and then use this url for pypi ok
14:36 Ahlee What the heck is salt doing before printing Setting up the Salt Minion to the log file.  time /etc/init.d/salt-minion restart, real    1m24.863s,
14:37 kenbolton joined #salt
14:37 Ahlee it started logging as soon as the service returned, not before
14:38 napperjabber joined #salt
14:39 dzen scalability-junk: https://speakerdeck.com/brutasse/deployability-of-python-web-applications
14:42 Gordonz joined #salt
14:42 Merlin__ joined #salt
14:43 mgw joined #salt
14:46 rbstewart joined #salt
14:46 smoof hello all
14:50 rbstewart hi smoof
14:51 cnelsonsic joined #salt
14:51 Linz joined #salt
14:53 m_george|away joined #salt
14:53 Santo19 joined #salt
14:54 kchr can i conditionally test for a specific environment in a state file, using template lang_
14:54 cnelsonsic left #salt
14:54 kchr ?
14:55 SpX joined #salt
14:55 kchr i guess i could use env pillars to set the current env, but im curious to as if it could be read through the template
14:56 aberant joined #salt
14:56 rbstewart kchr: I seem to remember something about {{ env }} being automatically included in the template context.
14:56 Bonifacia joined #salt
14:57 rbstewart just sec, I'll see if I can run it down in the documentation.
14:58 rbstewart https://salt.readthedocs.org/en/v0.16/ref/states/vars.html
14:59 robinsmidsrod joined #salt
15:01 m_george left #salt
15:02 wildbill_ joined #salt
15:03 kchr rbstewart: cool, thanks
15:03 StDiluted joined #salt
15:04 rbstewart you're welcome
15:04 wildbill_ What is the equivalent of "salt-minion -l debug" for a windows minion?
15:05 wildbill_ If I run salt-minion.exe -l debug I get an error that DLL %1 is not a valid application. Salt 16.0
15:07 diegows joined #salt
15:08 timl0101 joined #salt
15:10 kleinishere joined #salt
15:10 [diecast] joined #salt
15:10 akoumjian If _graingert comes back: "vagrant plugin install vagrant-salt"
15:16 dthom91 joined #salt
15:16 kenbolton joined #salt
15:16 lemmings joined #salt
15:16 lazyguru joined #salt
15:17 StDiluted joined #salt
15:17 lemmings hi~...
15:17 rbstewart wildbill_: I don't use salt on windows, but here's my two cents: "not a valid application" says there's something wrong with the executable.
15:18 rbstewart Check that salt runs at all (process manager or something), then check that your command line environment includes salt and all its dependencies on the path.
15:18 lemmings shouldn't {% if 'webserver' in grains['roles'] %}'  else clause (as in, if it doesn't match), apply to all machines?
15:19 rbstewart lemmings: what if roles isn't a defined grain on some machines?
15:19 lemmings that's what I want to know... doesn't it apply?
15:19 devinus joined #salt
15:20 lemmings do I have to do something like "if not defined"?
15:20 thingles joined #salt
15:20 jesusaurus i tend to use the pattern: {% if 'webserver' in grains.get('roles', false) %}
15:21 lemmings jesusaurus: what's the advantage?
15:22 jesusaurus if 'roles' doesnt exist in the grains object, then it will return the default value of 'false' instead of raising a KeyError
15:23 jesusaurus i suppose in that case you might need to s/false/'' to prevent the in operator from barfing
15:23 lemmings I assumed jinga handled it like that... if key error, return false
15:23 lemmings I have this http://pastebin.com/9Mrkmb62
15:24 lemmings to build iptables rules automatically
15:24 jesusaurus no, jinja will just raise the error, and you will see the KeyError during state compilation
15:26 avienu joined #salt
15:26 lemmings jesusaurus: changing to your way doesn't work, stops returning at all
15:26 fxhp lemmings: I would suggest not using grains
15:27 fxhp roles should be placed into configuration management
15:27 lemmings salt '*' pillar.get iptables:accept_tcp_from returns empty
15:28 lemmings jesusaurus: also, no error raises... just doesn't apply to stuff
15:28 lemmings fxhp: caould you explain this a bit more?
15:28 lemmings fxhp: like nodegroups and stuff?
15:29 Jahkeup_ joined #salt
15:29 jesusaurus did you check that the grain is set with: salt \* grains.items ?
15:30 jkleckner joined #salt
15:31 lemmings jesusaurus: just checked, the grain must be set. I wanted something like "even if the grain is unset, use this" but I can work with this
15:32 lemmings still, using grains: roles: etc isn't the best way to define roles? Why? I know you can't add roles (as in, if webserver open 80, if dns server, also opens 53)
15:33 chrisgilmerproj joined #salt
15:34 rbstewart fxhp: by "configuration management" do you mean an external pillar/db of ips, roles, etc?
15:35 Jahkeup__ joined #salt
15:35 jMyles joined #salt
15:35 fxhp rbstewart: that is my opinion
15:36 jMyles Ladies and Gentleman, I've just started using salt, and let me say, holy hell, this thing is awesome
15:36 jimallman joined #salt
15:36 fxhp either in pillar, or in a database an external pillar can access
15:36 fxhp lemmings: rbstewart: http://russell.ballestrini.net/configuration-management-vs-remote-execution/
15:36 lemmings fxhp: could you give me an example?
15:36 fxhp Setting a grain is done via remote execution
15:36 lemmings fxhp: yes, like that :D Thanks
15:37 lemmings fxhp: thing is, in either case, you have to say "machine a is a something"
15:38 fxhp lemmings: I argue that you shold say, "machine a is a something" in configuration management, and not by remote execution
15:38 lemmings if you do it on a local grain, you can clone an image. So, let's say you want to fire up a webserver. You fire up the webserver.img, that has grains:roles:webserver on the minion config
15:39 lemmings it talks to salt (dns helps it out) and based on just that, it "auto-registers" and provisions itself... no?
15:39 fxhp You could go that route, but that sort of defeats the purpose of config management.
15:39 fxhp Now your configuration is in separate image silos
15:39 fxhp instead of a singular location
15:40 lemmings so, how would you do it the other way around?
15:40 lemmings you still have to change the /etc/salt/minion, right?
15:40 fxhp nope
15:40 lemmings ?
15:41 jschadlick joined #salt
15:41 fxhp The only think I change in /etc/salt/minion is the the master directive
15:41 fxhp thing*
15:41 lemmings first run, at least, the minion must know who the master is, register itself, etc
15:41 lemmings exactly
15:41 lemmings so, why not have a /salt dir in mercurial that has, say, minion.conf.webserver and minion.conf.dnsserver...?
15:42 fxhp Because I want all my configuration in one place
15:43 fxhp And I've chosen Salt / salt-states for config files
15:43 lemmings ok... no argument from me... but I'd like an example. For instance... do you use nodegroups, grains or what to target configs?
15:43 TheRealBill lemmings: the larger your farm of systems grows, the more ... ugly, such a config looks like. Similarly the larger the variety grows, the more complexity occurs.
15:44 lemmings and what, exactly is in the salt-states files
15:44 fxhp lemmings: currently I use hostnames set from a grain
15:44 fxhp which is targeted in states top.sls
15:44 fxhp But I am not setting a role in the grains myself
15:45 lemmings TheRealBill: true, and I'd like to avoid that. Being a salt noob, I'm asking because I want to learn. I wasn't implying my method is better, on the contrary :D
15:45 TheRealBill I target by using descriptive host/subdomain. Each role has that data encoded in the the fqdn, and when a system is kicked it runs the salt minion bootstrap. Makes it quite simple.
15:45 lemmings fxhp: could you, perhaps, show me an example? Sounds interesting
15:45 TheRealBill with that method, you don't need to set anything after setting DHCP,PXE, and DNS. :)
15:46 lemmings TheRealBill: was my original intention... but I wanted somethig more flexible for servers that might accumulate roles
15:47 fxhp I use grains['fqdn'] or grains['id']
15:47 lemmings to give an example.... let's say I make a "network" server... aka, cacti/mrtg monitoring, tftp server/rancid for config dumps, etc
15:47 TheRealBill lemmings: you should try to avoid that, but if that hapens, you can stil use the hostnames to apply the priamry role, then add additional states for more specific matches.
15:47 jMyles Can I use a command line variable as a jinja variable? (see: http://stackoverflow.com/questions/17711342/salt-can-i-use-an-argument-from-the-command-line-as-a-jinja-variable)
15:48 TheRealBill Another way to get what you want is to add additional roles in pillar and match that way.
15:48 lemmings the first part is exactly a "webserver" setup. I can apply all webserver stuff... well, I guess I could target it specifically afterwards too... yeah, makes sense
15:48 fxhp TheRealBill: Right, putting roles in pillar is prefered over setting grains via remote execution
15:48 lemmings TheRealBill: I wanted that, couldn't find pillar examples for it
15:50 lemmings I use pillar, for instace, to differenciate packages... if debian: apache2, if redhat, httpd
15:50 lemmings and to set my iptables rules
15:50 Jahkeup_ joined #salt
15:50 lemmings but the pillar part still depends on pattern matching. Wither "the server with fqdn starting with banana is a webserver" or "server with grain y is a fileserver"
15:51 lemmings since I can target with matching (and nodegroups, although haven't seen it used much), pillar seemed to be "yea... but what for?"
15:53 lemmings (also, and I reiterate, I'm a complete noob to either salt or provisioning systems. Tried a bit of puppet before, hated it. So, I'm kinda wrong on most stuff, I'm sure)
15:53 jMyles How can I have an entire sls file as a requisite?
15:54 fxhp lemmings: here is a silly example: http://pad.yohdah.com/150/119229c3-6632-4668-bd2b-24a232159507
15:55 TheRealBill you can still match on pillar items, take a look at http://docs.saltstack.com/ref/states/top.html#other-ways-of-targeting-minions and you'll see the - match: pillar section
15:55 Furao left #salt
15:55 TheRealBill or that away. ;)
15:55 TheRealBill way*
15:56 rbstewart jMyles: check out https://salt.readthedocs.org/en/v0.16/ref/renderers/all/salt.renderers.stateconf.html
15:56 fxhp lemmings: but at this time I try to put my server's role in a FQDN subdomain
15:56 fxhp because then roles are declarative in DNS
15:57 lemmings fxhp: TheRealBill Ok, fair... but the only advantage is that the definition is central? Well.. I suppose you're right, it does sound better
15:57 fxhp lemmings: its central
15:57 lineman60 joined #salt
15:58 lemmings how does pillar.get handles a key not existing?
15:58 fxhp and the minion isn't declaring what it is, the config management server is declaring what it is
15:58 TheRealBill lemmings:  it's a pretty big advantage. not as much as using fqdn, but a decent second place.
15:58 santagada_ joined #salt
15:58 rbstewart jMyles: basically it creates a noop "goal" state for foo.sls (that requires everything else in foo), then you use an include statement, then require foo::goal.
15:58 lemmings TheRealBill: FQDN limits you to one role per machine, this way doesn't... methinks
15:58 druonysus joined #salt
15:58 druonysus joined #salt
15:59 TheRealBill lemmings: you really should avoid multi-role systems. It is a nightmare in the making, the development of technical debt from the beginning.
15:59 lemmings also, something that has been bugging me and you guys seem to be experts... can't I have a relative salt:// directive? Instead of salt://srv/salt/anotherdir/file, have salt://./file?
16:00 Gifflen_ joined #salt
16:00 MWGriffin joined #salt
16:00 fxhp lemmings: sort of
16:00 jMyles rbstewart: Thanks.  I think I am closer to understanding. I see how the include works here, but what is "goal" in "foo::goal" ?
16:01 lemmings TheRealBill: Yeah... I know. But I should also have a decent update schedule, test and quality envs, ability to easily roll out a VM, sccm for windows... and colleagues that agreed with me on these.
16:01 fxhp salt://srv/salt/anotherdir/file == salt://anotherdir/file
16:01 lemmings reality tends to break best practices :D
16:01 jMyles rbstewart: My underlying desire is actually probably much simple: I just want to require multiple OS packages
16:01 Gifflen_ joined #salt
16:02 fxhp lemmings: also try to keep your state and pillar directories as flat as possible
16:02 lemmings fxhp: yeah... I wanted to eliminate the anotherdir part :D
16:02 carlos joined #salt
16:03 lemmings fxhp: I am, but I'm targetting by objective. For instance, I have a hardening dir that sets sysctl, iptables, motd, etc, etc. This way, that one only applies to servers, for instance
16:03 fxhp I normally only use one sub directory per "thing", but I will create another level deep if I'm using file.recurse to copy a whole bunch of files to the minion
16:04 fxhp lemmings: I would rather have an relative URI from the salt file-server root
16:04 fxhp lemmings: I don't want to confuse my team, or myself
16:04 lemmings there's a file.recurse. Awesome! Neves needed it but assumed there'd be something like it
16:05 lemmings fxhp: I wanted relative urls from the sls definition file. That way, sharing states in a puppet forge kinda way would be easier
16:05 rbstewart jMyles: something like pkg.installed: - pkgs: - foo - bar? https://salt.readthedocs.org/en/v0.16/ref/states/all/salt.states.pkg.html#salt.states.pkg.installed
16:05 fxhp lemmings: yeah I differ in opinion
16:06 fxhp But salt lets you lay out your project however you need
16:06 fxhp : )
16:07 cooper1 joined #salt
16:08 lemmings fxhp: fair enough... and I'd like the option, only. leaning by example is the best way and a forge-like repo would be handy
16:09 scalability-junk does pgk: - latest equal pkg: - installed?
16:09 rbstewart jMyles: http://pastebin.com/HLrBgMZP
16:10 scalability-junk lemmings: forge like is not even on the horizon I think :D
16:10 fxhp scalability-junk: ?
16:10 jMyles rbstewart: Ahhh, I see.  Thank you
16:10 fxhp scalability-junk: thats  good question
16:10 scalability-junk fxhp: no real basic work done for a general collection of states I think.
16:11 scalability-junk on github there are a few, but most of them without an example pillar
16:11 scalability-junk and most are without abstractions for all settings etc.
16:11 rbstewart jMyles: you're welcome
16:12 scalability-junk I will go the try to write it abstract for me first and then perhaps make it more abstract and publish or exchange the apache states with general ones later on
16:13 jMyles rbstewart: That seems to consistently produce "Minion did not return."
16:14 xrl joined #salt
16:15 rbstewart jMyles: let's try the step by step approach: "sudo salt whicheverminion state.show_sls statefileinquestion"
16:15 whiskybar joined #salt
16:16 rbstewart that should show you if the state is rendering properly (no jinja errors)
16:16 Jahkeup__ joined #salt
16:17 rbstewart (and if the yaml is parsing correctly)
16:18 kenbolton joined #salt
16:20 rbstewart if the location of statefileinquestion is /srv/salt/foo.sls then it'd be just foo
16:21 lemmings scalability-junk: some have pillar examples on the readme
16:22 lemmings scalability-junk: still, I'd like to share what I learn and publish stuff afterwards, but the fact that you can't self contain a state (even if it'd be in two parts, like state and pillar) it a bit annoying. You can work around it, but still
16:22 synestine joined #salt
16:23 lemmings scalability-junk: take https://github.com/uggedal/states for example. Pillar data is in the readme
16:23 lemmings I used this iptables example as base (also, you cant concat yaml files, which is a shame in this case)
16:24 jMyles rbstewart: It's being janky.  More "minion did not return" and also "salt.exceptions.SaltReqTimeoutError: Waited 60 seconds."
16:24 jMyles Is it reasonable for the server running salt-master to be one of the salt-minions?
16:25 lemmings fxhp: quick question... where do you store credentials? puppet and chef had some something-something-bags or whatever for sensitive data, salt doesn't seem to have anything like it
16:25 rbstewart jMyles: maybe, but last I heard it's not recommended.
16:26 rbstewart jMyles: however, if you use salt-call --local it will treat the master as a minion
16:26 lemmings jMyles: not sure, but thta's how I solved my self-provisioning problem. My master is also a minion so that I can use salt to config it. You could also use local storage, but it's the same deal.
16:26 pkruithof joined #salt
16:26 lemmings rbstewart: why is it not recomended?
16:27 lemmings rbstewart: I actually did this because someone (a chanenl op, actually, can't remember name) recomended it
16:28 rbstewart lemmings: probably just FUD from a debugging session. If an op said good, and your experience has shown that, ignore the above.
16:30 rbstewart jMyles: try stopping the minion and running in the foreground? (sudo stop salt-minion; sudo salt-minion -l info)
16:31 jMyles rbstewart: So what's the difference between running a minion and using salt-call?  (or can salt-call only be used on a minion?)
16:32 lemmings rbstewart: Please don't take my word for it and check. Like I said, I'm a noob. Still, it was suggested as I stated
16:32 Linz joined #salt
16:33 lemmings jMyles: from a functional standpoint, there's no network layer involved, probably. No key exchange, etc. Also, since you have to explicitly call salt-call, there's a lower risk in applying a wrong config to a running master accidentally, IMHO
16:33 Linz joined #salt
16:33 jMyles lemmings: For my purposes at least, this seems to make sense.
16:34 lemmings like, say, a match '*' that sets the ssh port to closed. Minor issue on a minion (change ins master, propagate), may be disatrous on a master
16:34 fxhp lemmings: I store sensitive information in a "private" pillar file root
16:34 fxhp else I put infra data into a "public" pillar file root
16:35 lemmings fxhp: how are these set as "private" or "public"? Also, my issue is more along the lines of... it all can be stored in a git/hg repo, so you have to make sure both the master and the repo are safe, correct?
16:36 cloq joined #salt
16:36 fxhp pillar data in its complete form only lives on the master, and if properly used the targeting system only divulges information to minions who require it.
16:36 dthom91 joined #salt
16:36 lemmings jMyles: I accepted the tradeoff, you may not. Honestly, don't like the fact that salt master is listed on the minion list...
16:37 fxhp lemmings: they are not set as private and public, I just like to separate them into separate repositories so that I can share the public pillar repo with other teams
16:38 fxhp without letting them have roots crypt or private keys
16:38 Nexpro joined #salt
16:38 lemmings fxhp: yeah, I know that. But my issue is more along the lines of... if your salt master is compromised (and by that I mean even read, like say a misconfig on apache symlink directory), they have the keys to the castle... ok, paranoid me sais I can always mount the data on a encrypted partition and...
16:39 lemmings nevermind :D
16:39 aat joined #salt
16:39 lemmings fxhp: that's actually quite smart! Will steal that idea :D
16:39 jdenning joined #salt
16:40 StDiluted joined #salt
16:40 rbstewart jMyles: a minion runs continuously, salt-call still requires /etc/salt/minion config, but is a one-shot start-run-stop call
16:41 fxhp lemmings: the pillar directories should be protected just like any file system
16:42 fxhp lemmings: I don't encrypt them, and we use git for pillar's version control
16:43 xrl left #salt
16:43 lemmings rbstewart: oh yeah, that too :D
16:44 scalability-junk fxhp: ok so you have one private pillar repo and one public pillar repo per project right?
16:44 lemmings fxhp: if you send the private pillar to git, do you have ACLs or equiv to prevent a full checkout?
16:44 scalability-junk and the most important servers to secure would be git and salt master...
16:45 rbstewart lemmings: btw using stateconf (e.g. "#!stateconf" header instead of "#!jinja|yaml") will add {{ sls_dir }} to your context for salt://{{ sls_dir }}/resource_file.txt
16:45 lemmings scalability-junk: this is also why a forge like thing would be cool... A salt-based bastille-like hardening setup would be a godsend for sysadmins and would encourage salt adoption
16:45 rbstewart but it doesn't play nice with init.sls files
16:45 scalability-junk lemmings: true
16:46 * scalability-junk thinks about using git gcrypt to prevent git server breakins from making trouble
16:46 fxhp scalability-junk: all of our salt masters use the same 4 repo's
16:46 scalability-junk 4 repos ?
16:46 lemmings rbstewart: explin the "doesn't play nice". also, what are absent files? They seem like ermove instructions but most are init.sls with absent instead of installed
16:47 fxhp states, states-binary, pillar-public, pillar-private
16:47 lemmings (complete sidenote: This is one of the best irc community support channels I've had the pleasure of using)
16:47 fxhp lemmings: yes we use gitolite which only allows operations team access to pillar-private
16:48 scalability-junk mhh don't know, but I was thinking more in the range of per project states and pillar repos
16:48 kermit joined #salt
16:48 scalability-junk so sort of 2 repos per project or even the 4 you mentioned, but per project
16:49 scalability-junk it would make it easier to move projects with state history, but on the other hand instead of 4 repos I would have a lot more...
16:49 scalability-junk and instead of just cloning into states and pillars dir I would have to patch them together...
16:49 fxhp scalability-junk: lemmings: gitolite uses ssh pub/priv keys for authentication. I have put my trust into that.
16:49 scalability-junk alright 4 repos it is
16:49 rbstewart foo/bar/init.sls pretends it's foo.bar, not foo.bar.init. Hence {{ sls_dir }} looks at the parent of bar, "foo", instead of the parent of init, "foo/bar"
16:49 scalability-junk fxhp: I'm using gitlab for git authentication
16:50 lemmings fxhp: we use svn internally (I use hg locally) because we're advanced like that. ACLs come built in with the svn server we have.
16:50 fxhp scalability-junk: I'd rather reduce the amount of repo's but so far we have needed the 4
16:50 fxhp repo's/repos
16:50 fxhp BRB scrunm
16:50 fxhp scrum*
16:51 scalability-junk will probably have 3 repos accessible from everyone I give them access and the private pillar repo with ssh keys and so on will be done via gcrypt perhaps
16:51 scalability-junk too risky to be laying around
16:51 lemmings rbstewart: ah, fair enough. since init is best practices, it's not that useful then :D
16:52 lemmings scalability-junk: if you have ssh keys to distribute, consider making the "known-hosts" immutable and distribute that too .D
16:52 zach joined #salt
16:53 scalability-junk lemmings: how would I make the known-hosts immutable?
16:53 zach Greetings folks, does anyone know why I am receiving the following error: '"acl.addfacl" is not available' when running "salt '*db*' acl.addfacl user root rwx /usr/bin/mysql"
16:54 zach the drive does in fact have acl in the mounts, I set a facl on the file already and acl.getfacl pulls the correct facls
16:55 benkay_ joined #salt
16:55 rbstewart lemmings: I generally do foo/bar/A, foo/bar/B with stateconf, then include A and B in init.sls.
16:55 lemmings scalability-junk: let me see if I can find an example.
16:56 lemmings rbstewart: stateconf? Not followinf
16:56 jslatts joined #salt
16:58 rbstewart there's several different renderers: yaml, mako, stateconf. stateconf's aim is to make states more reusable (hence the sls_dir thing, among others).
16:59 scalability-junk rbstewart: link?
16:59 rbstewart you can specify the renderer (and templating) by the #! at the top of the file.
16:59 rbstewart https://salt.readthedocs.org/en/v0.16/ref/renderers/all/salt.renderers.stateconf.html
17:01 lemmings scalability-junk: was trying to find an example, but I'll give you the run down from what I remember. Set a /etc/ssh/knownhosts, mask 0600. Go to sshd_config, change IgnoreUserKnownHosts to true.
17:01 scalability-junk alright but I in turn have to distribute the right known hosts file
17:01 scalability-junk :)
17:02 scalability-junk it sounds even harder to make salts interchangeable when you do that :D
17:02 lemmings there's a GlobalKnownHostsFile (it's either ssh_known_hosts or just known_hosts on /etc/ssh)
17:02 lemmings scalability-junk: this was just for your case :D
17:02 jalbretsen joined #salt
17:03 scalability-junk yeah but I'm wondering how to structure states
17:03 fxhp lemmings: I use hg personally but that wasn't a battle I felt like fighting
17:03 fxhp : )
17:04 lemmings rbstewart: so it's jinja2 + yaml with extra options?
17:04 scalability-junk I would add ssh keys for each of these states within them. and I would then in turn have 3 or more states having their own ssh keys... how to get the known_hosts file from that?
17:04 lemmings (if you set it that way)
17:04 aat joined #salt
17:05 scalability-junk or would you try to set one ssh key with an extra ssh state? and then require this state to be present?
17:06 lemmings fxhp: I've spent 1 hour arguin with a dev on as to why "SVN was useless for more than one person, because once it deleted my changes". Apparently, svn update is a complex and mistical kind of black magic. I don't want to argue about anything in relation to version control. They use SVN, I'll use hg-svn or whatever and be happy :D
17:07 scalability-junk git for the win
17:07 JasonSwindle joined #salt
17:07 Corey Yeah, git is the right way to go here.
17:07 fxhp Corey: Why gitfs doesn't even work with SSH yet
17:07 lemmings scalability-junk: It's just a minor sec update thing, ignore it. I've seen it used on places that have one single known_hosts file, that get's distributed to the whole network. Kinda of a hassle to manage.
17:08 scalability-junk fxhp: why do you wanna use gitfs?
17:09 lemmings scalability-junk: I'm partial to mercurial. You can "downgrade" a mercurial repo to git and not lose anything, Can't do the inverse. Still... as long as you use something and it's not SVN, I'm game.
17:09 fxhp because then I don't have to manually check out head on salt-masters
17:09 Corey fxhp: Salt has built in support for git, for one. :-)
17:09 fxhp http://docs.saltstack.com/topics/tutorials/gitfs.html
17:09 Corey fxhp: You don't have to now, with a post-receive hook.
17:09 fxhp post-receive what?
17:09 scalability-junk fxhp: yeah post-receive or run git pull via cronjob
17:09 jkleckner joined #salt
17:10 scalability-junk http://git-scm.com/book/en/Customizing-Git-Git-Hooks fxhp
17:10 fxhp I could just as easily use my revision control system of choice + cron
17:10 zach So after much testing, I've come to the conclusion that acl.addfacl does not work
17:10 scalability-junk fxhp: sure my rcs is just git :D
17:11 lemmings nice!... but... why? If you're gonna publish something, why do it directly in git?
17:11 scalability-junk back to my question on best practice for ssh: own ssh state thingy which is required from each state or should each state handle their own ssh keys etc.?
17:11 fxhp scalability-junk: wanna see my complete solution
17:11 fxhp that you might not agree with?
17:12 scalability-junk fxhp: would love to yeah
17:12 lemmings fxhp: I do too
17:12 fxhp http://russell.ballestrini.net/understanding-salt-stack-user-and-group-management/
17:12 JasonSwindle Anyone here use NGINX and Ubuntu?  I have service.running with enable: True….but nginx is not starting up on reboot
17:12 JasonSwindle My SLS; https://dpaste.de/bnsNw/
17:13 anteaya joined #salt
17:13 scalability-junk fxhp: mhh that sounds like something I could use for my rsync server, but not sure yet how to do that with webserver etc.
17:14 rbstewart lemmings: yeah stateconf jinja2 + yaml by default; if you need other templating systems (mako, wempy), you don't use pipes, it's a reversed dealy-o
17:14 fxhp scalability-junk: I use that for all servers
17:14 scalability-junk I probably just do the ssh key stuff from within the specific states aka git ssh key, data rsync key etc.
17:14 scalability-junk fxhp: do you have your own user for rsync syncing?
17:14 Ahlee is it a known issue that if you regenerate a salt-key, you have to set open_mode: True on the master for the new key to be accepted?
17:15 fxhp scalability-junk: the previous sys admin created a special account for rsync jobs but I have not looked at that or touched it
17:15 Ahlee order of operations is stop salt on client, salt-key --gen-keys=$(hostname --fqdn); salt-key -d <hostname of box being regen'd>; start salt on client
17:15 lemmings fxhp: you're Russell?
17:15 fxhp lemmings: Yes
17:16 lemmings fxhp: I have read some articles of yours in the past (very distinc site, btw, altough hard to navigate) and some are quite good. Just wanted to say thanks for sharing.
17:16 kchr are grains set through cmd saved in some kind of virtual state, between reboots?
17:16 kchr or are they cleaned when you run highstate or reboot the minion
17:17 scalability-junk fxhp: ok so right now you use this ssh stuff mostly for user accounts and their creation.
17:18 kchr i'm wondering if i should use pillars or grains for permanent data
17:18 scalability-junk I want to distribute private access keys for different purposes to the minions rsync, git, etc.
17:18 scalability-junk but as I said I will probably do that per state instead of in a global state, so I can interchange it more easily
17:19 lemmings fxhp: also, quick question... what happens if you introduce an inconsistency in the uid? Like defining 2 users with the same UID or overwriting an existent one?
17:19 scalability-junk then I have the keys structured in project/tool/ssh_key which sounds better than: ssh/ssh_keys
17:20 lemmings scalability-junk: can't you just target diff machines with diff sets of keys?
17:20 scalability-junk what do you mean?
17:22 lemmings I may be wrong in understanding what you want, but it seems that you want something like "if host is git, file.maanaged:key1", correct?
17:22 rbstewart Ahlee: what forced you to set open_mode?
17:22 lemmings you can setup the keys on a pillar and them simply match them
17:23 lemmings can't ya?
17:23 lemmings brb
17:23 scalability-junk lemmings: nope more like for git.sls I need ssh_git.priv and for rsync.sls I need ssh_rsync.priv
17:23 auser joined #salt
17:26 fxhp lemmings: thanks for the comments, I didn't think people ever attempted to nagigate my blog, I assumed it was just search traffic
17:26 fxhp lemmings: I should fix that
17:26 fxhp lemmings: if somebody introduces an error in any of the states we will have varying degrees of issues
17:27 Ahlee rbstewart: The new key does not show up on the master until i do.  I see the traffic, but it doesn't appear to be presented through the entire software stack to salt-key
17:27 devinus joined #salt
17:27 fxhp lemmings: duplicate UIDs would set the uid twice and the last would be one to run would persist.
17:28 KennethWilke joined #salt
17:28 Furao joined #salt
17:29 whit joined #salt
17:31 djn joined #salt
17:32 rbstewart Ahlee: to be clear: you take the key generated by the salt master and install it on the minion before restarting the minion?
17:33 rbstewart I'm not quite understanding "salt-key --gen-keys=$(hostname --fqdn)" (since, in context of the salt master, I think that would be a key for the master, not minion.)
17:34 brianhicks joined #salt
17:37 Ahlee rbstewart: No.  On the minion I regenerate the key with salt-key --gen-keys
17:37 dthom91 joined #salt
17:37 rbstewart ok
17:38 Ahlee as per key-gen -h, "Set a name to generate a keypair for use with salt
17:38 Ahlee er
17:38 Ahlee salt-key -h, sorry.
17:38 Ahlee though based on time stamp of /etc/salt/pki/minion/minion.pem, it's not updating
17:38 jpadilla joined #salt
17:41 StDiluted hey auser
17:42 lemmings scalability-junk: you can probably use conditionals in some cases, but it may grow unmanageable... I'd use a single sls and target it with pillar, though. Seems viable. file: {{ salt 'pillar.get' serverrole }} or something and use the pillar to target it. Wouldn't it do?
17:42 StDiluted JasonSwindle, I am testing my nginx state for you, give me a few.
17:42 auser yay, I like being welcomed
17:42 kchr how can i reference pillar dicts from one pillar sls when inside another?
17:42 auser hey StDiluted
17:43 scalability-junk you mean pillar.get rsync_priv_key sorta from within the git/init.sls file for example
17:43 scalability-junk that sound reasonable
17:44 scalability-junk so I would require the ssh key to be present and used by git and retrieve the key from one ssh location to make it easily interchangeable
17:44 scalability-junk as I have a per project per tool ssh key (paranoid) I would probably still save that key within the pillar of the project
17:44 lemmings fxhp: if a blog is good, I like to snoop around and yours had a few intereting insights. Still, navigation is restricted to the post tags and i can't even tell how many posts each category has so... yeah, fix the nav a little and it'll be great. Still, content is what matters and yours is cool :D
17:44 oz_akan_ joined #salt
17:45 JasonSwindle StDiluted: THank you
17:45 StDiluted JasonSwindle: My nginx starts up when the box starts
17:45 lemmings scalability-junk: seems reasonable...
17:45 JasonSwindle I am on Ubuntu 13.04 and Salt .16
17:46 lemmings scalability-junk: also, I'm in netsec, nothing seems paranoid to me :D
17:46 lemmings anyway, gotta go guys
17:46 JasonSwindle StDiluted: Maybe it is my SLS file?
17:46 StDiluted I am on Ubuntu 12.04.02 and Salt .16
17:46 lemmings thanks for everything
17:46 scalability-junk lemmings: see ya
17:46 StDiluted I am not sure if they have changed anything in the init setup
17:46 StDiluted Jason, let me paste mine, one sec
17:46 TheRealBill joined #salt
17:47 StDiluted JasonSwindle: https://gist.github.com/dginther/6031370
17:47 JasonSwindle Looking
17:48 Lue_4911 joined #salt
17:49 StDiluted Doesn't look too much different, honestly
17:50 talso joined #salt
17:51 Ryan_Lane joined #salt
17:54 jbunting joined #salt
17:56 jMyles rbstewart: Thanks (wo?)man, your help has been awesome.  I think that it's running.
17:56 jMyles My next question is this: http://stackoverflow.com/questions/17711342/salt-can-i-use-an-argument-from-the-command-line-as-a-jinja-variable
18:04 Taranis joined #salt
18:07 JasonSwindle StDiluted: This is odd
18:07 JasonSwindle I also see it in rc?.d
18:07 JasonSwindle etc/rc0.d/K20nginx -> ../init.d/nginx
18:08 JasonSwindle and I can do; service nginx start
18:08 JasonSwindle and up it comes
18:08 CaptTofu question: where are the archives for this channel?
18:08 StDiluted K20 means kill
18:09 CaptTofu I had some good discussion last night that has scrolled by
18:09 StDiluted that's in rc0 which is shutdown
18:09 StDiluted but is it in rc3.d?
18:09 StDiluted with an S?
18:10 druonysus joined #salt
18:10 druonysus joined #salt
18:10 kermit joined #salt
18:10 StDiluted hey auger, question for you
18:10 StDiluted grr
18:10 StDiluted auser
18:10 StDiluted hehe
18:10 StDiluted autocorrect sucks
18:10 auser yeah
18:10 auser what's up
18:11 JasonSwindle StDiluted: rc2.d has S20 :)
18:11 JasonSwindle and 3
18:11 jMyles If an error is raised during salt-call, is there a way to set to the errorlevel to nonzero?
18:11 StDiluted something else wrong perhaps, then
18:11 JasonSwindle 4 and 5
18:11 JasonSwindle StDiluted: I agree
18:11 jpadilla joined #salt
18:11 StDiluted auser: I've got targeting based on grains set up, and it works for the first one in the list, but it doesn't seem to be picking up the second?
18:12 druonysus joined #salt
18:12 druonysus joined #salt
18:12 StDiluted auser: for instance, I have web,db in ec2_roles, and targeting set up for ec2_roles:web and ec2_roles:db. The web one fires, but the db one doesn
18:12 StDiluted t
18:13 StDiluted grains.get ec2_roles says - web  - db
18:17 auser (back, sorry -- phone)
18:17 StDiluted no worries
18:17 Ryan_Lane so, it seems salt caches the master's pub key. If I change the master's key, I need to change the master_finger and purge the cached public key
18:17 Ryan_Lane that seems…. inefficient
18:17 auser StDiluted: How do you get ec2_roles in the grains?
18:17 auser are they actually in the grains?
18:18 StDiluted auser: yes, I'm using a grain on each minion to query and return the information
18:18 StDiluted (wrote a grain)
18:18 auser sure, I remember
18:18 auser just want to confirm that roles is actually set on the minion
18:19 auser can you check?
18:19 auser just to confirm
18:20 StDiluted yeah i did a grains.get from the minion
18:20 jMyles It seems that no matter what I do, salt-call exits with code 0.  Is this correct?
18:20 StDiluted and i get  - web \n - db
18:21 jacksontj joined #salt
18:23 StDiluted calling it locally gets the same
18:24 bensix2 joined #salt
18:25 erasmas joined #salt
18:32 auser hmm
18:32 auser can you paste your top.sls?
18:32 jslatts joined #salt
18:33 bluemoon joined #salt
18:33 StDiluted yeah, one sec. I ran salt-call on the minion
18:33 StDiluted and something interesting
18:33 oz_akan_ joined #salt
18:34 StDiluted https://gist.github.com/dginther/6031755
18:35 StDiluted not sure why but you will see in the output down below of the salt-call, it doesn't have a grains target for db
18:35 auser I know why
18:35 StDiluted match: grains
18:35 auser what's different about the db role
18:35 StDiluted haha
18:35 auser :)
18:35 StDiluted yes
18:35 StDiluted durrrrrr
18:35 StDiluted looked at it too many times to see it
18:37 dthom91 joined #salt
18:42 opapo joined #salt
18:45 jslatts joined #salt
18:45 KyleG joined #salt
18:45 rbstewart Ahlee: I didn't exactly follow your steps, but got pretty much the same results. Didn't find an issue on github so you should probably put one up.
18:47 kermit joined #salt
18:48 rbstewart jMyles: you're welcome. If you want to pass in a variable, you can probably hack the source of the state module to do that. Why do you want to?
18:50 bastion2202 joined #salt
18:54 bastion2202 hey guys !
18:55 bastion2202 One question : I want to create one state sls file per user and want to set a variable username based on the file name (without the sls extension) so it will be easy to create a new user : copy the sls file with a new name.sls
18:56 Ahlee Anybody got a good example of a salt heartbeat?  Looks like a firewall inbetween some of my systems is cutting the connection of long-idle salt sessions
18:57 auser be back soon guys
18:57 bastion2202 Ahlee
18:57 bastion2202 to check if all minions are up ?
18:58 opapo joined #salt
18:58 kuffs Ahlee: what version are you running?
19:00 cloq joined #salt
19:00 Ahlee kuffs: 0.15.3, zeromq 3.2.2
19:01 Ahlee I don't want to just send salt '*' test.ping, or even those hosts since it appears salt hits all hosts to determine if a host matches
19:01 Ahlee though i guess that'd probably be easiest, salt -N somelistofhostsinthatDC test.ping in cron every 30 minutes or similar
19:02 KFDM salt-run status.down ?
19:02 KFDM Internally it does salt '*' test.ping but then will only print out the hosts that timeout
19:02 jacksontj Ahlee: i'd recommend doing the heartbeat from the minions not from the master-- and you can schedule stuff on the minion side within the minion
19:02 KFDM status.down is wrong, manage.down
19:02 KFDM manage.status is the one that shows a list of both the UP and DOWN hosts
19:03 Ahlee jacksontj: Interesting - got an example or a help page for that functionality?
19:04 jacksontj http://docs.saltstack.com/topics/jobs/schedule.html
19:04 jacksontj Ahlee: ^^
19:04 kuffs Ahlee: there were some keepalive patches in there somewhere. Is your firewall stateful?
19:05 Ahlee kuffs: not to my knowledge
19:05 Ahlee in fact, stateful is typically defined as inspecting, right? is so, no.
19:05 Ahlee jacksontj: thanks kindly
19:07 Ahlee jacksontj: Thank you again, this solves another issue I have on my todo list (scheduling runs on specific hosts :) )
19:07 bastion2202 Ahlee: what I do : i create a nagios check that create file1 with the result of salt-key -L and file2 that is the result of salt * test.ping. I do a diff and base on the exit code will send a warning or not
19:07 bastion2202 Ahlee: all on the salt-master
19:07 jacksontj Ahlee: np ;)
19:08 Ahlee bastion2202: you probably want to look into manage.down or manage.status - you can probably cut out the diffing
19:08 dthom91 joined #salt
19:08 Ahlee just from what I see after KFDM's statements above
19:08 Ahlee KFDM: Thank you kindly, those will also come in very handy
19:08 kuffs Ahlee: you might be able to adjust your keepalive timeouts https://github.com/saltstack/salt/pull/3012
19:08 kuffs and a firewall does not need to be inspecting to be stateful
19:10 Ahlee kuffs: beautiful. Happen to be able to save me a google for what version of ZeroMQ added keepalive?
19:10 kuffs uhhhh, I might be able to dig it up in our internal bugtracker
19:10 kuffs just a sec
19:11 Newt[cz] joined #salt
19:11 Ahlee also a github question, how does one take that merge commit and ascertain what release(s) it made it into?
19:11 bastion2202 Ahlee is manage.status in .15.3 ?
19:11 kuffs this is the specific pull request that added keepalives to zmq https://github.com/zeromq/libzmq/pull/306/files
19:11 Ahlee do you just count back to whatever release happened ~7 months ago, +/- a few days
19:12 kuffs as far as I can tell, libzmq3 is all you need
19:12 Ahlee bastion2202: it's in 0.15.1, so I'm assuming 0.15.3
19:13 Ahlee kuffs: awesome, thank you sir.
19:13 Ahlee on that note, definitely need to consolidate my versions and get staging, UAT, and production all up to the same version.
19:17 keith4 joined #salt
19:17 Jahkeup__ joined #salt
19:19 darthlukan joined #salt
19:30 alekibango joined #salt
19:30 UtahDave joined #salt
19:31 KennethWilke UtahDave: well look who shows up
19:31 KennethWilke welcome to the salt room, make yourself at home
19:33 m_george joined #salt
19:33 tqrst joined #salt
19:34 UtahDave lol
19:34 UtahDave thanks, KennethWilke!  I got the same reception in an another channel.  lol
19:34 KennethWilke lol
19:34 * UtahDave stretches his arms
19:34 KennethWilke was fun to see you guys here
19:35 UtahDave yeah, that was a LOT of fun.  It was great to see you in person again and meet all the other rackers.
19:35 carmony we got some rackers in the room? :P
19:35 KennethWilke a good few
19:35 KennethWilke :D
19:36 KennethWilke current and former
19:36 UtahDave carmony: a whole bunch, actually
19:36 * carmony is a long time rackspace cloud user :P
19:36 StDiluted hey there UtahDave
19:37 UtahDave carmony: rackspace's hq is a converted mall.  Like Southetowne or Fashion Place.
19:37 UtahDave hey, StDiluted!  How's it going?
19:37 StDiluted going alright!
19:37 carmony UtahDave: really? That'd be interesting
19:37 StDiluted Has anyone used debconf.set_file?
19:37 KennethWilke lol i saw all you guys enjoying the slide as well
19:37 UtahDave carmony: yeah, it's really cool.
19:37 KennethWilke we are... how you say.... overworked?
19:38 KennethWilke :p jk of course
19:38 StDiluted I want to require that a debconf.set_file is compiled before installing the package it's for
19:39 StDiluted so I have require: - module"
19:39 StDiluted err require: - module: 'mysql-debconf'
19:39 StDiluted and later I have a declaration of mysql-debconf:
19:40 UtahDave StDiluted: can you pastebin what you have so far?
19:40 StDiluted sure one sec
19:40 UtahDave KennethWilke: everybody seemed really happy to be there.
19:41 StDiluted https://gist.github.com/dginther/6032369
19:41 StDiluted the second paste is what I'm getting trying to highstate
19:42 Corey UtahDave!
19:42 StDiluted not sure I'm doing it the right way at all
19:42 UtahDave Corey, my man!
19:43 StDiluted brb
19:45 devinus joined #salt
19:46 hebz0rl joined #salt
19:46 kaptk2 joined #salt
19:47 CaptTofuWeb joined #salt
19:49 rbstewart Ahlee: on second thought, what I was seeing about regenerating keys was just me being confused (two salt minions' id was set in the config, there were two minions running...) Anyways, on 0.16.0 I don't need open_mode for your scenario.
19:49 cloq joined #salt
19:52 StDiluted Any ideas, UtahDave?
19:53 UtahDave StDiluted: Try this: https://gist.github.com/UtahDave/6032439
19:53 UtahDave StDiluted: I know very little about debconf, but I think as far as Salt goes, that should work, or at least be close
19:53 david_a joined #salt
19:55 Ahlee rbstewart: thanks for confirming.  Not slated to update for a month or so, so i'll just skip up to whatever's current then
19:55 StDiluted same error when highstate runs
19:56 StDiluted never mind
19:56 StDiluted ha
19:56 StDiluted stupid indention :)
19:56 UtahDave oh, sorry, did I have an indentation error in there?
19:56 mgw joined #salt
19:56 StDiluted no, I did :)
19:57 timl0101_ joined #salt
20:00 jacksontj joined #salt
20:03 thingles joined #salt
20:03 devinus joined #salt
20:03 JasonSwindle UtahDave: Welcome back.  Did you find your RIAK examples?
20:03 giantlock joined #salt
20:04 hebz0rl left #salt
20:04 Ahlee Is there a way to have salt trigger a script (custom returner?) if it changes something?  I.e., if a file it's managing is changed and it reverts it back, can I get minion or master to execute /path/to/script?
20:04 linjan joined #salt
20:04 Ahlee Trying to avoid scraping logs
20:05 UtahDave JasonSwindle: Yes, I did!!  I had it in a copy of the file.  that was frustrating.   :)
20:05 jschadlick joined #salt
20:05 JasonSwindle Can you share it?  I have in need for a minion to configure other minions.  Ex NGINX LB and Postgres cluster
20:06 JasonSwindle I have…… gah, I am in need for*
20:06 jkleckner joined #salt
20:06 UtahDave JasonSwindle: Yeah, totally.  It's pretty simple.  give me just a minute to put it in a gist.
20:08 JasonSwindle Take your time.  I am fighting with NGINX and startups in Ubuntu 13.04
20:08 dthom91 joined #salt
20:08 UtahDave fun.
20:08 UtahDave It was great to meet you IRL, JasonSwindle!
20:09 ggoZ joined #salt
20:09 StDiluted still fighting the startup?
20:09 JasonSwindle StDiluted:  It maybe because of this: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1174158
20:09 JasonSwindle But they say it is fixed…. I am going to try a "different" NGINX package, like nginx-full vs nginx-extras
20:10 StDiluted ah
20:15 biteme joined #salt
20:17 ProT-0-TypE joined #salt
20:18 racooper joined #salt
20:20 MTecknology joined #salt
20:31 bastion2202 how can I check if a grain['id'] is contains in a dict ?
20:33 jhauser joined #salt
20:38 LyndsySimon joined #salt
20:38 LyndsySimon /join #celery
20:38 rbstewart bastion2202: you mean like {% somedict.get(grains['id'], False) %} ?
20:39 bastion2202 I did it with : {% if grains['fqdn'] in userinfo.get("servers","")   %}
20:43 JasonSwindle UtahDave: Any luck on SLS?
20:43 UtahDave ah, almost there, JasonSwindle.
20:44 smoof Hey UtahDave
20:44 smoof happy to have met you in person...
20:47 UtahDave JasonSwindle: here you go: https://gist.github.com/UtahDave/9623f597dbd38f4c55ae
20:47 UtahDave hey, smoof!
20:47 UtahDave Yeah, it was great to meet you, too!  I'm glad you came up to say hi!
20:48 smoof I'm working on talking some of the more resistant people on my team to start using salt. Hopefully, we can get some of them to join #salt and get involved
20:49 smoof so maybe I'll be able to introduce a few more peeps to you...
20:49 smoof :)
20:50 UtahDave smoof: sounds good!  Let me know how I can help!
20:53 UtahDave JasonSwindle: let me know if you have any questions about that. It's pretty simple.
20:57 bluemoon joined #salt
21:00 napperjabber joined #salt
21:02 bemehow joined #salt
21:03 hhtp joined #salt
21:04 smoof left #salt
21:05 Jahkeup_ joined #salt
21:06 bostonian joined #salt
21:06 bostonian Is it common for the salt master to use 300+ MB of memory?
21:09 synestine bostonian: Not that I'm aware of, but it depends on what OS you're using and how many Minions it's managing.
21:10 synestine left #salt
21:10 synestine joined #salt
21:10 bostonian synestine: I'm using Ubuntu 12.04 and only managing 3 minions
21:10 synestine Oops, wrong key.
21:10 synestine What version of Salt?
21:11 synestine And how long has it been running?
21:11 hazzadous joined #salt
21:12 StDiluted I'm on ubuntu 12.04, salt-master is running 9 processes, and consuming 247MB of memory as reported by top
21:12 jslatts joined #salt
21:13 LyndsySimon joined #salt
21:13 AviMarcus joined #salt
21:14 synestine I'm on CentOS 6.4 x64, Salt 0.15.3 and Salt is 9 processes consuming around 30MB each, so if you ere to total that up, I guess it would be in the ballpark bostonian mentioned.
21:15 jMyles joined #salt
21:16 bostonian synestine: I'm running salt 0.16.0. It's been running for a few days
21:16 auser joined #salt
21:16 Lue_4911 joined #salt
21:17 synestine Okay, and do you have 9 salt-master processes running, each one with a RES of 15-38m?
21:21 hhtp joined #salt
21:21 opapo joined #salt
21:23 carlos joined #salt
21:24 Lue_4911 joined #salt
21:24 devinus joined #salt
21:28 JasonSwindle UtahDave:  Thanks!
21:29 cbloss can you configure the salt-master to act like a minion as well?
21:31 jpadilla joined #salt
21:34 UtahDave cbloss: what you would do is run the salt-minion on the same machine as the salt-master. Then you can manage and configure it just like any other minion
21:34 UtahDave bostonian: You might try lowering the worker_threads option in your master config by one or two.
21:34 bwghughes joined #salt
21:35 auser hey all
21:35 cbloss UtahDave: thanks I'll give it a try
21:35 UtahDave holla, auser!
21:35 bostonian UtahDave: good idea... I'll try that
21:38 DredTiger joined #salt
21:43 Jahkeup_ joined #salt
21:59 bluemoon joined #salt
22:00 jacksontj joined #salt
22:07 saurabhs joined #salt
22:10 dsaf519 joined #salt
22:10 dsaf519 anyone around that could potentially answer some question about jinja templating?
22:10 dsaf519 (s)
22:13 Linz_ joined #salt
22:14 napperjabber joined #salt
22:15 Linz_ joined #salt
22:19 stevetodd joined #salt
22:21 ProT-0-TypE joined #salt
22:22 shane joined #salt
22:22 UtahDave dsaf519: yeah, what's up?
22:23 shane question: for the Windows software repository, how do you make multiple files available for the installer (like jre1.7.0_25.msi and data1.cab)?
22:24 UtahDave shane: I haven't run into that situation with the repo before.
22:24 jalbretsen Hmmmmmmmmmmm
22:24 * jalbretsen gets in line behind shane
22:25 UtahDave I think for right now I would use a file.managed first to push down the cab
22:25 UtahDave shane: could you open an issue to add a feature to push down a file or a directory with the installer.  That needs to be in there.
22:25 kermit joined #salt
22:26 shane UtahDave: thanks, will do.
22:26 jpadilla joined #salt
22:28 jalbretsen So.... UtahDave.... are you aware of any reports of the recurse option for file.directory applying the mode even though it was not told to?
22:29 jalbretsen I'm not finding anything related in the issue, but my search foo often sucks
22:31 emocakes joined #salt
22:32 UtahDave thanks, shane
22:33 UtahDave jalbretsen: no, I haven't heard of any issues like that.  Go ahead and open an issue if you don't find a related one.
22:38 oz_akan_ joined #salt
22:38 aat joined #salt
22:43 shane UtahDave: sorry, just kind of thinking outloud, but for software that don't need an installer (like putty.exe or pscp.exe), is it better to just use file.managed or would it be better to keep that stuff in winrepo somehow?
22:45 rsimpkins Does anyone know if salt has support for extended linux file system attributes? I couldn't seem to find any docs with the googles.
22:46 auser with jinja, is there a way to append a string to each string in a list
22:46 auser anyone know?
22:47 UtahDave auser: I imagine there is, but couldn't you just use python to do that?
22:48 auser yeah, I totally would use python, but this is such a small issue in a big jinja file
22:48 UtahDave auser: can't you use python within the jina?
22:48 auser can you?
22:48 auser that'd be nice
22:49 auser that'd be nice
22:49 UtahDave shane: You can definitely push applications like putty.exe down with file.managed.  I do think it would still be nice to be able to manage it with the package manager.  What do you think?
22:52 shane UtahDave: I would prefer the latter as it makes sense from the managing packages perspective.
22:53 dthom91 joined #salt
22:53 UtahDave rsimpkins: I'm not sure.
22:54 auser hm
22:54 rsimpkins UtahDave: It doesn't look like it. I'll just whipe up some execs or something.
22:55 rsimpkins whip
22:55 UtahDave shane: Yeah, I agree.  Would you open another issue with that?
22:55 UtahDave rsimpkins: cool
23:03 shane UtahDave: I think it also makes managing versions simpler.
23:03 UtahDave shane: Yes, that's a very good point.
23:04 UtahDave shane: also, if you have an application that's basically a directory with a bunch of exe's and dll's and stuff you can push that down, and then maybe run a script to set up any reg settings and/or shortcuts and stuff
23:05 synestine left #salt
23:09 shane UtahDave: yeah, have definitely come across apps like that, particularly opensource software.
23:09 UtahDave yep
23:17 diegows joined #salt
23:20 jbunting joined #salt
23:23 dthom91 joined #salt
23:26 timl0101 joined #salt
23:29 redbeard2 joined #salt
23:36 chrisgilmerproj left #salt
23:36 timl0101 joined #salt
23:37 jacksontj joined #salt
23:46 Gifflen joined #salt
23:46 Thiggy joined #salt
23:47 Thiggy The match.grains module seems to always be returning false for me: https://gist.github.com/jthigpen/c217f738ce2d4e0b8524 Am I screwing up the syntax?
23:49 UtahDave Thiggy:     sudo salt -G 'os:Ubuntu' test.ping
23:50 Thiggy returns True
23:50 Thiggy so all my ubuntu boxen
23:50 Thiggy *for
23:51 UtahDave I have to head out right now. I can be back on line in a couple hours Thiggy.
23:51 Thiggy np
23:56 efixit joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary